Date
05 juin 2025

Clémentine Maurice (Crystal, CNRS) présente ses travaux en séminaire le jeudi 05 juin à 14h en 301

Over the past decade, many different automated approaches have been developed to detect side-channel vulnerabilities in cryptographic libraries. However, despite this abundance of tools, side-channel vulnerabilities are still regularly (and manually) found in cryptographic libraries. In this talk, we will investigate this paradox. We begin with a short example of an attack on a real cryptographic library using a cache side-channel attack called Flush+Reload. We continue with a survey and classification of recently published side-channel vulnerabilities and side-channel detection tools. We propose a unified benchmark, and our evaluation suggests several reasons why existing tools may struggle to find vulnerabilities. We conclude by analyzing the impact of recent attacks on such automated detection tools.

UPJV